Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/06 9:9 p.m.5 views

CVE-2026-25732

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

7.5CVSS6.4AI score0.03212EPSS
Exploits3References4Affected Software1
EUVD
EUVD
added 2025/10/25 6:30 a.m.3 views

EUVD-2025-35914

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpupworking' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with...

5.3CVSS4.5AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2025/10/25 5:15 a.m.6 views

CVE-2025-10579

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpupworking' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with...

5.3CVSS0.00254EPSS
Exploits0References3
CVE
CVE
added 2025/10/25 4:22 a.m.24 views

CVE-2025-10579

CVE-2025-10579 affects the BackWPup – WordPress Backup & Restore Plugin for WordPress. The root cause is a missing capability check on the Ajax action backwpup_working, allowing authenticated users with Subscriber-level access or higher to retrieve a backup file name while a backup is running. Im...

5.3CVSS4.6AI score0.00254EPSS
Exploits0References3
OSV
OSV
added 2025/07/25 1:16 p.m.2 views

OESA-2025-1885 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An issue ...

7.8CVSS7.4AI score0.0071EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.7 views

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS6.6AI score0.01082EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 6:15 p.m.24 views

CVE-2024-42408

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure...

6.9CVSS0.00384EPSS
Exploits0References2
OSV
OSV
added 2020/02/20 3:15 a.m.7 views

CVE-2014-4660

Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb...

5.5CVSS5.2AI score0.0038EPSS
Exploits0References8
Rows per page
Query Builder